formbook | JaffaCakes118_cf327d6a5937d13337a674221cdc0d8bd7eadb425f465a056aeeeee9c9409c83

General

Target

JaffaCakes118_cf327d6a5937d13337a674221cdc0d8bd7eadb425f465a056aeeeee9c9409c83
Size

188KB
MD5

4b63556cbec8694c87098b450b5c7b77
SHA1

ff3b4f7ed0895d7e2c5e2cb24c76095e492be820
SHA256

cf327d6a5937d13337a674221cdc0d8bd7eadb425f465a056aeeeee9c9409c83
SHA512

40e9a8bcecfc247852581152c7e425d06563d82661cd47806d98630e9a94c336a4aeb1fc9a383ecc83be724087b6c0dd3ae96506407d8245477905c03be1fe65
SSDEEP

3072:D6T75sk1JkPns93bcRAHqv3/Muy1QMvVYvgRpGj7jgSpefAlv:+5rrxbwEqv3/JMddpqifAl

Score

10^/10

rat g9s4 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

g9s4

Decoy

visitmechanic.com

xn--kck4a7gpd474vx6i.com

prozdorovie.online

omatpupa.xyz

zamokwakhekhumalo.com

mayuraandchris.com

wanasahstore.com

bicicletas.win

yhdm61.com

mortgageattract.com

centuryofbio.com

xtdkgjt.com

nhahangnetnghe.com

whatsappsemcontato.com

onlinemarketing-teamwebus.com

zuevu.com

dancaronmusic.com

tingseo.com

uniflapline.com

setuppharmaweb.online

Signatures

Formbook family
formbook

Formbook payload 1 IoCs

rat

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_cf327d6a5937d13337a674221cdc0d8bd7eadb425f465a056aeeeee9c9409c83

Files

JaffaCakes118_cf327d6a5937d13337a674221cdc0d8bd7eadb425f465a056aeeeee9c9409c83
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB